draft-ietf-opsawg-nat-yang-02.txt   draft-ietf-opsawg-nat-yang-03.txt 
Network Working Group M. Boucadair Network Working Group M. Boucadair
Internet-Draft Orange Internet-Draft Orange
Intended status: Standards Track S. Sivakumar Intended status: Standards Track S. Sivakumar
Expires: February 24, 2018 Cisco Systems Expires: March 22, 2018 Cisco Systems
C. Jacquenet C. Jacquenet
Orange Orange
S. Vinapamula S. Vinapamula
Juniper Networks Juniper Networks
Q. Wu Q. Wu
Huawei Huawei
August 23, 2017 September 18, 2017
A YANG Data Model for Network Address Translation (NAT) and Network A YANG Data Model for Network Address Translation (NAT) and Network
Prefix Translation (NPT) Prefix Translation (NPT)
draft-ietf-opsawg-nat-yang-02 draft-ietf-opsawg-nat-yang-03
Abstract Abstract
For the sake of network automation and the need for programming For the sake of network automation and the need for programming
Network Address Translation (NAT) function in particular, a data Network Address Translation (NAT) function in particular, a data
model for configuring and managing the NAT is essential. This model for configuring and managing the NAT is essential. This
document defines a YANG data model for the NAT function. document defines a YANG data model for the NAT function.
NAT44, Network Address and Protocol Translation from IPv6 Clients to NAT44, Network Address and Protocol Translation from IPv6 Clients to
IPv4 Servers (NAT64), Customer-side transLATor (CLAT), Explicit IPv4 Servers (NAT64), Customer-side transLATor (CLAT), Explicit
Address Mappings for Stateless IP/ICMP Translation (SIIT EIM), and Address Mappings for Stateless IP/ICMP Translation (SIIT EAM), and
IPv6 Network Prefix Translation (NPTv6) are covered in this document. IPv6 Network Prefix Translation (NPTv6) are covered in this document.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on February 24, 2018. This Internet-Draft will expire on March 22, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
skipping to change at page 2, line 38 skipping to change at page 2, line 38
2.3. TCP, UDP and ICMP NAT Behavioral Requirements . . . . . . 6 2.3. TCP, UDP and ICMP NAT Behavioral Requirements . . . . . . 6
2.4. Other Transport Protocols . . . . . . . . . . . . . . . . 6 2.4. Other Transport Protocols . . . . . . . . . . . . . . . . 6
2.5. IP Addresses Used for Translation . . . . . . . . . . . . 6 2.5. IP Addresses Used for Translation . . . . . . . . . . . . 6
2.6. Port Set Assignment . . . . . . . . . . . . . . . . . . . 6 2.6. Port Set Assignment . . . . . . . . . . . . . . . . . . . 6
2.7. Port-Restricted IP Addresses . . . . . . . . . . . . . . 7 2.7. Port-Restricted IP Addresses . . . . . . . . . . . . . . 7
2.8. NAT Mapping Entries . . . . . . . . . . . . . . . . . . . 7 2.8. NAT Mapping Entries . . . . . . . . . . . . . . . . . . . 7
2.9. Resource Limits . . . . . . . . . . . . . . . . . . . . . 9 2.9. Resource Limits . . . . . . . . . . . . . . . . . . . . . 9
2.10. Binding the NAT Function to an Interface . . . . . . . . 10 2.10. Binding the NAT Function to an Interface . . . . . . . . 10
2.11. Tree Structure . . . . . . . . . . . . . . . . . . . . . 10 2.11. Tree Structure . . . . . . . . . . . . . . . . . . . . . 10
3. NAT YANG Module . . . . . . . . . . . . . . . . . . . . . . . 14 3. NAT YANG Module . . . . . . . . . . . . . . . . . . . . . . . 14
4. Security Considerations . . . . . . . . . . . . . . . . . . . 54 4. Security Considerations . . . . . . . . . . . . . . . . . . . 55
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 54 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 55
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 55 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 55
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 55 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 56
7.1. Normative References . . . . . . . . . . . . . . . . . . 55 7.1. Normative References . . . . . . . . . . . . . . . . . . 56
7.2. Informative References . . . . . . . . . . . . . . . . . 56 7.2. Informative References . . . . . . . . . . . . . . . . . 57
Appendix A. Sample Examples . . . . . . . . . . . . . . . . . . 58 Appendix A. Sample Examples . . . . . . . . . . . . . . . . . . 59
A.1. Traditional NAT44 . . . . . . . . . . . . . . . . . . . . 59 A.1. Traditional NAT44 . . . . . . . . . . . . . . . . . . . . 59
A.2. CGN . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 A.2. CGN . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
A.3. CGN Pass-Through . . . . . . . . . . . . . . . . . . . . 63 A.3. CGN Pass-Through . . . . . . . . . . . . . . . . . . . . 64
A.4. NAT64 . . . . . . . . . . . . . . . . . . . . . . . . . . 64 A.4. NAT64 . . . . . . . . . . . . . . . . . . . . . . . . . . 65
A.5. Explicit Address Mappings for Stateless IP/ICMP A.5. Explicit Address Mappings for Stateless IP/ICMP
Translation . . . . . . . . . . . . . . . . . . . . . . . 64 Translation . . . . . . . . . . . . . . . . . . . . . . . 65
A.6. Static Mappings with Port Ranges . . . . . . . . . . . . 68 A.6. Static Mappings with Port Ranges . . . . . . . . . . . . 69
A.7. Static Mappings with IP Prefixes . . . . . . . . . . . . 68 A.7. Static Mappings with IP Prefixes . . . . . . . . . . . . 69
A.8. Destination NAT . . . . . . . . . . . . . . . . . . . . . 69 A.8. Destination NAT . . . . . . . . . . . . . . . . . . . . . 70
A.9. CLAT . . . . . . . . . . . . . . . . . . . . . . . . . . 72 A.9. CLAT . . . . . . . . . . . . . . . . . . . . . . . . . . 73
A.10. NPTv6 . . . . . . . . . . . . . . . . . . . . . . . . . . 72 A.10. NPTv6 . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 74 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 75
1. Introduction 1. Introduction
This document defines a data model for Network Address Translation This document defines a data model for Network Address Translation
(NAT) and Network Prefix Translation (NPT) capabilities using the (NAT) and Network Prefix Translation (NPT) capabilities using the
YANG data modeling language [RFC6020]. YANG data modeling language [RFC6020].
Traditional NAT is defined in [RFC2663], while Carrier Grade NAT Traditional NAT is defined in [RFC2663], while Carrier Grade NAT
(CGN) is defined in [RFC6888]. Unlike traditional NAT, the CGN is (CGN) is defined in [RFC6888]. Unlike traditional NAT, the CGN is
used to optimize the usage of global IP address space at the scale of used to optimize the usage of global IP address space at the scale of
skipping to change at page 10, line 29 skipping to change at page 10, line 29
The tree structure of the NAT data model is provided below: The tree structure of the NAT data model is provided below:
module: ietf-nat module: ietf-nat
+--rw nat-module +--rw nat-module
+--rw nat-instances +--rw nat-instances
+--rw nat-instance* [id] +--rw nat-instance* [id]
+--rw id uint32 +--rw id uint32
+--rw name? string +--rw name? string
+--rw enable? boolean +--rw enable? boolean
+--ro nat-capabilities +--rw nat-capabilities
| +--ro nat-flavor* identityref | +--rw nat-flavor* identityref
| +--ro nat44-flavor* identityref | +--rw nat44-flavor* identityref
| +--ro restricted-port-support? boolean | +--rw restricted-port-support? boolean
| +--ro static-mapping-support? boolean | +--rw static-mapping-support? boolean
| +--ro port-randomization-support? boolean | +--rw port-randomization-support? boolean
| +--ro port-range-allocation-support? boolean | +--rw port-range-allocation-support? boolean
| +--ro port-preservation-suport? boolean | +--rw port-preservation-suport? boolean
| +--ro port-parity-preservation-support? boolean | +--rw port-parity-preservation-support? boolean
| +--ro address-roundrobin-support? boolean | +--rw address-roundrobin-support? boolean
| +--ro paired-address-pooling-support? boolean | +--rw paired-address-pooling-support? boolean
| +--ro endpoint-independent-mapping-support? boolean | +--rw endpoint-independent-mapping-support? boolean
| +--ro address-dependent-mapping-support? boolean | +--rw address-dependent-mapping-support? boolean
| +--ro address-and-port-dependent-mapping-support? boolean | +--rw address-and-port-dependent-mapping-support? boolean
| +--ro endpoint-independent-filtering-support? boolean | +--rw endpoint-independent-filtering-support? boolean
| +--ro address-dependent-filtering? boolean | +--rw address-dependent-filtering? boolean
| +--ro address-and-port-dependent-filtering? boolean | +--rw address-and-port-dependent-filtering? boolean
+--rw internal-interfaces* [internal-interface] +--rw internal-interfaces* [internal-interface]
| +--rw internal-interface if:interface-ref | +--rw internal-interface if:interface-ref
+--rw external-interfaces* [external-interface] +--rw external-interfaces* [external-interface]
| +--rw external-interface if:interface-ref | +--rw external-interface if:interface-ref
+--rw external-ip-address-pool* [pool-id] +--rw external-ip-address-pool* [pool-id]
| +--rw pool-id uint32 | +--rw pool-id uint32
| +--rw external-ip-pool? inet:ipv4-prefix | +--rw external-ip-pool? inet:ipv4-prefix
+--rw port-set-restrict +--rw port-set-restrict
| +--rw (port-type)? | +--rw (port-type)?
| +--:(port-range) | +--:(port-range)
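Review bot: every leaf under nat-capabilities flips from ro to rw in this part of the tree, which turns what reads as a device-reported capability set into client-writable configuration. The eam list added in the same revision is gated by when "../nat-capabilities/nat-flavor = 'eam'", so whoever can write nat-flavor decides which translation tables are valid on the instance. If the intent is only to let the when expressions refer to configuration data, state that in the container description and consider separating reported capabilities from enabled functions. The leaf name port-preservation-suport is misspelled on both sides and is worth fixing before the name is frozen.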
skipping to change at page 11, line 31 skipping to change at page 11, line 31
| +--rw destination-ipv4-prefix* [ipv4-prefix] | +--rw destination-ipv4-prefix* [ipv4-prefix]
| +--rw ipv4-prefix inet:ipv4-prefix | +--rw ipv4-prefix inet:ipv4-prefix
+--rw clat-ipv6-prefixes* [clat-ipv6-prefix] +--rw clat-ipv6-prefixes* [clat-ipv6-prefix]
| +--rw clat-ipv6-prefix inet:ipv6-prefix | +--rw clat-ipv6-prefix inet:ipv6-prefix
+--rw clat-ipv4-prefixes* [clat-ipv4-prefix] +--rw clat-ipv4-prefixes* [clat-ipv4-prefix]
| +--rw clat-ipv4-prefix inet:ipv4-prefix | +--rw clat-ipv4-prefix inet:ipv4-prefix
+--rw nptv6-prefixes* [translation-id] +--rw nptv6-prefixes* [translation-id]
| +--rw translation-id uint32 | +--rw translation-id uint32
| +--rw internal-ipv6-prefix? inet:ipv6-prefix | +--rw internal-ipv6-prefix? inet:ipv6-prefix
| +--rw external-ipv6-prefix? inet:ipv6-prefix | +--rw external-ipv6-prefix? inet:ipv6-prefix
+--rw eam* [eam-ipv4-prefix]
| +--rw eam-ipv4-prefix inet:ipv4-prefix
| +--rw eam-ipv6-prefix? inet:ipv6-prefix
+--rw supported-transport-protocols* [transport-protocol-id] +--rw supported-transport-protocols* [transport-protocol-id]
| +--rw transport-protocol-id uint8 | +--rw transport-protocol-id uint8
| +--rw transport-protocol-name? string | +--rw transport-protocol-name? string
+--rw subscriber-mask-v6? uint8 +--rw subscriber-mask-v6? uint8
+--rw subscriber-match* [sub-match-id] +--rw subscriber-match* [sub-match-id]
| +--rw sub-match-id uint32 | +--rw sub-match-id uint32
| +--rw sub-mask inet:ip-prefix | +--rw sub-mask inet:ip-prefix
+--rw nat-pass-through* [nat-pass-through-id] +--rw nat-pass-through* [nat-pass-through-id]
| +--rw nat-pass-through-id uint32 | +--rw nat-pass-through-id uint32
| +--rw nat-pass-through-pref? inet:ip-prefix | +--rw nat-pass-through-pref? inet:ip-prefix
skipping to change at page 14, line 24 skipping to change at page 14, line 27
+--ro ports-allocated? uint32 +--ro ports-allocated? uint32
+--ro ports-free? uint32 +--ro ports-free? uint32
notifications: notifications:
+---n nat-event +---n nat-event
+--ro id? -> /nat-module/nat-instances/nat-instance/id +--ro id? -> /nat-module/nat-instances/nat-instance/id
+--ro notify-pool-threshold percent +--ro notify-pool-threshold percent
3. NAT YANG Module 3. NAT YANG Module
<CODE BEGINS> file "ietf-nat@2017-08-23.yang" <CODE BEGINS> file "ietf-nat@2017-09-18.yang"
module ietf-nat { module ietf-nat {
namespace "urn:ietf:params:xml:ns:yang:ietf-nat"; namespace "urn:ietf:params:xml:ns:yang:ietf-nat";
//namespace to be assigned by IANA //namespace to be assigned by IANA
prefix "nat"; prefix "nat";
import ietf-inet-types { prefix inet; } import ietf-inet-types { prefix inet; }
import ietf-yang-types { prefix yang; } import ietf-yang-types { prefix yang; }
skipping to change at page 15, line 18 skipping to change at page 15, line 19
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
revision 2017-09-18 {
description "Comments from Tore Anderson about EAM-SIIT.";
reference "-ietf-03";
}
revision 2017-08-23 { revision 2017-08-23 {
description "Comments from F. Baker about NPTv6."; description "Comments from F. Baker about NPTv6.";
reference "-ietf-02"; reference "-ietf-02";
} }
revision 2017-08-21 { revision 2017-08-21 {
description " Includes CLAT (Lee/Jordi)."; description " Includes CLAT (Lee/Jordi).";
reference "-ietf-01"; reference "-ietf-01";
} }
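Review bot: the new revision 2017-09-18 statement describes only "Comments from Tore Anderson about EAM-SIIT.", but the same revision also makes nat-capabilities writable by commenting out "config false;", and that data-model change is not recorded in the revision history. Extend the description to mention it. The module's license text in this hunk still points at http://trustee.ietf.org/license-info while the document boilerplate was moved to https in this version; update it for consistency.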
skipping to change at page 32, line 30 skipping to change at page 32, line 39
description description
"An IPv6 prefix used by the external interface "An IPv6 prefix used by the external interface
of NPTv6."; of NPTv6.";
reference reference
"RFC 6296."; "RFC 6296.";
} }
} }
list eam {
when "../nat-capabilities/nat-flavor = 'eam' ";
key eam-ipv4-prefix;
description
"The Explicit Address Mapping Table, a conceptual
table in which each row represents an EAM.
Each EAM describes a mapping between IPv4 and IPv6
prefixes/addresses.";
reference "Section 3.1 of RFC 7757.";
leaf eam-ipv4-prefix {
type inet:ipv4-prefix;
description
"The IPv4 prefix of an EAM.";
reference
"Section 3.2 of RFC 7757.";
}
leaf eam-ipv6-prefix {
type inet:ipv6-prefix;
description
"The IPv6 prefix of an EAM.";
reference
"Section 3.2 of RFC 7757.";
}
}
list supported-transport-protocols { list supported-transport-protocols {
key transport-protocol-id; key transport-protocol-id;
description description
"Supported transport protocols. "Supported transport protocols.
TCP and UDP are supported by default."; TCP and UDP are supported by default.";
leaf transport-protocol-id { leaf transport-protocol-id {
type uint8; type uint8;
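Review bot: leaf eam-ipv6-prefix in the new list eam has no mandatory statement, so an entry carrying only eam-ipv4-prefix validates even though the list description says each EAM describes a mapping between IPv4 and IPv6 prefixes. Add "mandatory true;" to eam-ipv6-prefix so a half-specified mapping is rejected at validation time rather than reaching the translator. The when expression also has a stray trailing space inside the quotes after 'eam'.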
skipping to change at page 45, line 41 skipping to change at page 46, line 34
description description
"A NAT instance."; "A NAT instance.";
leaf id { leaf id {
type uint32; type uint32;
description description
"NAT instance identifier."; "NAT instance identifier.";
reference reference
"RFC 7659."; "RFC7659.";
} }
leaf name { leaf name {
type string; type string;
description description
"A name associated with the NAT instance."; "A name associated with the NAT instance.";
} }
leaf enable { leaf enable {
type boolean; type boolean;
description description
"Status of the the NAT instance."; "Status of the the NAT instance.";
} }
container nat-capabilities { container nat-capabilities {
config false; // config false;
description description
"NAT capabilities"; "NAT capabilities";
leaf-list nat-flavor { leaf-list nat-flavor {
type identityref { type identityref {
base nat-type; base nat-type;
} }
description description
"Type of NAT."; "Type of NAT.";
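Review bot: in container nat-capabilities, "config false;" is commented out rather than removed, which leaves it unclear whether making the capabilities writable is deliberate or a leftover from testing. Delete the line and expand the description "NAT capabilities" to say that the leaves are configurable and what setting them means. In leaf id the reference changes from "RFC 7659." to "RFC7659.", which is inconsistent with the "RFC 6296." and "RFC 7757" references elsewhere in the module, and "Status of the the NAT instance." still has the doubled word.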
skipping to change at page 50, line 5 skipping to change at page 50, line 43
"'nat44' or "+ "'nat44' or "+
"../nat-capabilities/nat-flavor = "+ "../nat-capabilities/nat-flavor = "+
"'nat64'or "+ "'nat64'or "+
"../nat-capabilities/nat-flavor = "+ "../nat-capabilities/nat-flavor = "+
"'clat'or "+ "'clat'or "+
"../nat-capabilities/nat-flavor = 'dst-nat'"; "../nat-capabilities/nat-flavor = 'dst-nat'";
description description
"NAT mapping table. Applicable for functions "NAT mapping table. Applicable for functions
which maintains static and/or dynamic mappings, which maintains static and/or dynamic mappings,
such as NAT44, Destination NAT, NAT64, CLAT, such as NAT44, Destination NAT, NAT64, or CLAT.";
or EAM.";
list mapping-entry { list mapping-entry {
key "index"; key "index";
description description
"NAT mapping entry."; "NAT mapping entry.";
uses mapping-entry; uses mapping-entry;
} }
} }
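Review bot: the when expression above the edited description is missing a space before "or" in "'nat64'or " and "'clat'or ", so the concatenated XPath reads 'nat64'or ../nat-capabilities/nat-flavor; add the space so the expression does not depend on how a given XPath lexer splits the tokens. Dropping "or EAM" from the description is consistent with that expression, which never tested for 'eam'. While editing the description, "which maintains" should be "which maintain".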
skipping to change at page 55, line 17 skipping to change at page 56, line 8
prefix: nat prefix: nat
reference: RFC XXXX reference: RFC XXXX
6. Acknowledgements 6. Acknowledgements
Many thanks to Dan Wing and Tianran Zhou for the review. Many thanks to Dan Wing and Tianran Zhou for the review.
Thanks to Juergen Schoenwaelder for the comments on the YANG Thanks to Juergen Schoenwaelder for the comments on the YANG
structure and the suggestion to use NMDA. structure and the suggestion to use NMDA.
Thanks to Lee Howard and Jordi Palet for the CLAT comments and to Thanks to Lee Howard and Jordi Palet for the CLAT comments, Fred
Fred Baker for the NPTv6 comments. Baker for the NPTv6 comments, and Tore Anderson for EAM SIIT review.
Special thanks to Maros Marsalek and Marek Gradzki for sharing their Special thanks to Maros Marsalek and Marek Gradzki for sharing their
comments based on the FD.io implementation. comments based on the FD.io implementation.
7. References 7. References
7.1. Normative References 7.1. Normative References
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
DOI 10.17487/RFC3688, January 2004, <https://www.rfc- DOI 10.17487/RFC3688, January 2004,
editor.org/info/rfc3688>. <https://www.rfc-editor.org/info/rfc3688>.
[RFC4787] Audet, F., Ed. and C. Jennings, "Network Address [RFC4787] Audet, F., Ed. and C. Jennings, "Network Address
Translation (NAT) Behavioral Requirements for Unicast Translation (NAT) Behavioral Requirements for Unicast
UDP", BCP 127, RFC 4787, DOI 10.17487/RFC4787, January UDP", BCP 127, RFC 4787, DOI 10.17487/RFC4787, January
2007, <https://www.rfc-editor.org/info/rfc4787>. 2007, <https://www.rfc-editor.org/info/rfc4787>.
[RFC5382] Guha, S., Ed., Biswas, K., Ford, B., Sivakumar, S., and P. [RFC5382] Guha, S., Ed., Biswas, K., Ford, B., Sivakumar, S., and P.
Srisuresh, "NAT Behavioral Requirements for TCP", BCP 142, Srisuresh, "NAT Behavioral Requirements for TCP", BCP 142,
RFC 5382, DOI 10.17487/RFC5382, October 2008, RFC 5382, DOI 10.17487/RFC5382, October 2008,
<https://www.rfc-editor.org/info/rfc5382>. <https://www.rfc-editor.org/info/rfc5382>.
[RFC5508] Srisuresh, P., Ford, B., Sivakumar, S., and S. Guha, "NAT [RFC5508] Srisuresh, P., Ford, B., Sivakumar, S., and S. Guha, "NAT
Behavioral Requirements for ICMP", BCP 148, RFC 5508, Behavioral Requirements for ICMP", BCP 148, RFC 5508,
DOI 10.17487/RFC5508, April 2009, <https://www.rfc- DOI 10.17487/RFC5508, April 2009,
editor.org/info/rfc5508>. <https://www.rfc-editor.org/info/rfc5508>.
[RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for
the Network Configuration Protocol (NETCONF)", RFC 6020, the Network Configuration Protocol (NETCONF)", RFC 6020,
DOI 10.17487/RFC6020, October 2010, <https://www.rfc- DOI 10.17487/RFC6020, October 2010,
editor.org/info/rfc6020>. <https://www.rfc-editor.org/info/rfc6020>.
[RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful [RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful
NAT64: Network Address and Protocol Translation from IPv6 NAT64: Network Address and Protocol Translation from IPv6
Clients to IPv4 Servers", RFC 6146, DOI 10.17487/RFC6146, Clients to IPv4 Servers", RFC 6146, DOI 10.17487/RFC6146,
April 2011, <https://www.rfc-editor.org/info/rfc6146>. April 2011, <https://www.rfc-editor.org/info/rfc6146>.
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
and A. Bierman, Ed., "Network Configuration Protocol and A. Bierman, Ed., "Network Configuration Protocol
(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
<https://www.rfc-editor.org/info/rfc6241>. <https://www.rfc-editor.org/info/rfc6241>.
[RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure
Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011, Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011,
<https://www.rfc-editor.org/info/rfc6242>. <https://www.rfc-editor.org/info/rfc6242>.
[RFC6536] Bierman, A. and M. Bjorklund, "Network Configuration [RFC6536] Bierman, A. and M. Bjorklund, "Network Configuration
Protocol (NETCONF) Access Control Model", RFC 6536, Protocol (NETCONF) Access Control Model", RFC 6536,
DOI 10.17487/RFC6536, March 2012, <https://www.rfc- DOI 10.17487/RFC6536, March 2012,
editor.org/info/rfc6536>. <https://www.rfc-editor.org/info/rfc6536>.
[RFC6877] Mawatari, M., Kawashima, M., and C. Byrne, "464XLAT: [RFC6877] Mawatari, M., Kawashima, M., and C. Byrne, "464XLAT:
Combination of Stateful and Stateless Translation", Combination of Stateful and Stateless Translation",
RFC 6877, DOI 10.17487/RFC6877, April 2013, RFC 6877, DOI 10.17487/RFC6877, April 2013,
<https://www.rfc-editor.org/info/rfc6877>. <https://www.rfc-editor.org/info/rfc6877>.
[RFC6888] Perreault, S., Ed., Yamagata, I., Miyakawa, S., Nakagawa, [RFC6888] Perreault, S., Ed., Yamagata, I., Miyakawa, S., Nakagawa,
A., and H. Ashida, "Common Requirements for Carrier-Grade A., and H. Ashida, "Common Requirements for Carrier-Grade
NATs (CGNs)", BCP 127, RFC 6888, DOI 10.17487/RFC6888, NATs (CGNs)", BCP 127, RFC 6888, DOI 10.17487/RFC6888,
April 2013, <https://www.rfc-editor.org/info/rfc6888>. April 2013, <https://www.rfc-editor.org/info/rfc6888>.
[RFC7757] Anderson, T. and A. Leiva Popper, "Explicit Address [RFC7757] Anderson, T. and A. Leiva Popper, "Explicit Address
Mappings for Stateless IP/ICMP Translation", RFC 7757, Mappings for Stateless IP/ICMP Translation", RFC 7757,
DOI 10.17487/RFC7757, February 2016, <https://www.rfc- DOI 10.17487/RFC7757, February 2016,
editor.org/info/rfc7757>. <https://www.rfc-editor.org/info/rfc7757>.
[RFC7857] Penno, R., Perreault, S., Boucadair, M., Ed., Sivakumar, [RFC7857] Penno, R., Perreault, S., Boucadair, M., Ed., Sivakumar,
S., and K. Naito, "Updates to Network Address Translation S., and K. Naito, "Updates to Network Address Translation
(NAT) Behavioral Requirements", BCP 127, RFC 7857, (NAT) Behavioral Requirements", BCP 127, RFC 7857,
DOI 10.17487/RFC7857, April 2016, <https://www.rfc- DOI 10.17487/RFC7857, April 2016,
editor.org/info/rfc7857>. <https://www.rfc-editor.org/info/rfc7857>.
7.2. Informative References 7.2. Informative References
[I-D.boucadair-pcp-yang] [I-D.boucadair-pcp-yang]
Boucadair, M., Jacquenet, C., Sivakumar, S., and S. Boucadair, M., Jacquenet, C., Sivakumar, S., and S.
Vinapamula, "YANG Data Models for the Port Control Vinapamula, "YANG Data Models for the Port Control
Protocol (PCP)", draft-boucadair-pcp-yang-04 (work in Protocol (PCP)", draft-boucadair-pcp-yang-04 (work in
progress), May 2017. progress), May 2017.
[I-D.ietf-behave-ipfix-nat-logging] [I-D.ietf-behave-ipfix-nat-logging]
skipping to change at page 57, line 28 skipping to change at page 58, line 18
Support", draft-ietf-tsvwg-natsupp-11 (work in progress), Support", draft-ietf-tsvwg-natsupp-11 (work in progress),
July 2017. July 2017.
[RFC2663] Srisuresh, P. and M. Holdrege, "IP Network Address [RFC2663] Srisuresh, P. and M. Holdrege, "IP Network Address
Translator (NAT) Terminology and Considerations", Translator (NAT) Terminology and Considerations",
RFC 2663, DOI 10.17487/RFC2663, August 1999, RFC 2663, DOI 10.17487/RFC2663, August 1999,
<https://www.rfc-editor.org/info/rfc2663>. <https://www.rfc-editor.org/info/rfc2663>.
[RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network [RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network
Address Translator (Traditional NAT)", RFC 3022, Address Translator (Traditional NAT)", RFC 3022,
DOI 10.17487/RFC3022, January 2001, <https://www.rfc- DOI 10.17487/RFC3022, January 2001,
editor.org/info/rfc3022>. <https://www.rfc-editor.org/info/rfc3022>.
[RFC5597] Denis-Courmont, R., "Network Address Translation (NAT) [RFC5597] Denis-Courmont, R., "Network Address Translation (NAT)
Behavioral Requirements for the Datagram Congestion Behavioral Requirements for the Datagram Congestion
Control Protocol", BCP 150, RFC 5597, Control Protocol", BCP 150, RFC 5597,
DOI 10.17487/RFC5597, September 2009, <https://www.rfc- DOI 10.17487/RFC5597, September 2009,
editor.org/info/rfc5597>. <https://www.rfc-editor.org/info/rfc5597>.
[RFC6052] Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X. [RFC6052] Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X.
Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052, Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052,
DOI 10.17487/RFC6052, October 2010, <https://www.rfc- DOI 10.17487/RFC6052, October 2010,
editor.org/info/rfc6052>. <https://www.rfc-editor.org/info/rfc6052>.
[RFC6296] Wasserman, M. and F. Baker, "IPv6-to-IPv6 Network Prefix [RFC6296] Wasserman, M. and F. Baker, "IPv6-to-IPv6 Network Prefix
Translation", RFC 6296, DOI 10.17487/RFC6296, June 2011, Translation", RFC 6296, DOI 10.17487/RFC6296, June 2011,
<https://www.rfc-editor.org/info/rfc6296>. <https://www.rfc-editor.org/info/rfc6296>.
[RFC6302] Durand, A., Gashinsky, I., Lee, D., and S. Sheppard, [RFC6302] Durand, A., Gashinsky, I., Lee, D., and S. Sheppard,
"Logging Recommendations for Internet-Facing Servers", "Logging Recommendations for Internet-Facing Servers",
BCP 162, RFC 6302, DOI 10.17487/RFC6302, June 2011, BCP 162, RFC 6302, DOI 10.17487/RFC6302, June 2011,
<https://www.rfc-editor.org/info/rfc6302>. <https://www.rfc-editor.org/info/rfc6302>.
[RFC6736] Brockners, F., Bhandari, S., Singh, V., and V. Fajardo, [RFC6736] Brockners, F., Bhandari, S., Singh, V., and V. Fajardo,
"Diameter Network Address and Port Translation Control "Diameter Network Address and Port Translation Control
Application", RFC 6736, DOI 10.17487/RFC6736, October Application", RFC 6736, DOI 10.17487/RFC6736, October
2012, <https://www.rfc-editor.org/info/rfc6736>. 2012, <https://www.rfc-editor.org/info/rfc6736>.
[RFC6887] Wing, D., Ed., Cheshire, S., Boucadair, M., Penno, R., and [RFC6887] Wing, D., Ed., Cheshire, S., Boucadair, M., Penno, R., and
P. Selkirk, "Port Control Protocol (PCP)", RFC 6887, P. Selkirk, "Port Control Protocol (PCP)", RFC 6887,
DOI 10.17487/RFC6887, April 2013, <https://www.rfc- DOI 10.17487/RFC6887, April 2013,
editor.org/info/rfc6887>. <https://www.rfc-editor.org/info/rfc6887>.
[RFC7335] Byrne, C., "IPv4 Service Continuity Prefix", RFC 7335, [RFC7335] Byrne, C., "IPv4 Service Continuity Prefix", RFC 7335,
DOI 10.17487/RFC7335, August 2014, <https://www.rfc- DOI 10.17487/RFC7335, August 2014,
editor.org/info/rfc7335>. <https://www.rfc-editor.org/info/rfc7335>.
[RFC7596] Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y., and I. [RFC7596] Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y., and I.
Farrer, "Lightweight 4over6: An Extension to the Dual- Farrer, "Lightweight 4over6: An Extension to the Dual-
Stack Lite Architecture", RFC 7596, DOI 10.17487/RFC7596, Stack Lite Architecture", RFC 7596, DOI 10.17487/RFC7596,
July 2015, <https://www.rfc-editor.org/info/rfc7596>. July 2015, <https://www.rfc-editor.org/info/rfc7596>.
[RFC7597] Troan, O., Ed., Dec, W., Li, X., Bao, C., Matsushima, S., [RFC7597] Troan, O., Ed., Dec, W., Li, X., Bao, C., Matsushima, S.,
Murakami, T., and T. Taylor, Ed., "Mapping of Address and Murakami, T., and T. Taylor, Ed., "Mapping of Address and
Port with Encapsulation (MAP-E)", RFC 7597, Port with Encapsulation (MAP-E)", RFC 7597,
DOI 10.17487/RFC7597, July 2015, <https://www.rfc- DOI 10.17487/RFC7597, July 2015,
editor.org/info/rfc7597>. <https://www.rfc-editor.org/info/rfc7597>.
[RFC7659] Perreault, S., Tsou, T., Sivakumar, S., and T. Taylor, [RFC7659] Perreault, S., Tsou, T., Sivakumar, S., and T. Taylor,
"Definitions of Managed Objects for Network Address "Definitions of Managed Objects for Network Address
Translators (NATs)", RFC 7659, DOI 10.17487/RFC7659, Translators (NATs)", RFC 7659, DOI 10.17487/RFC7659,
October 2015, <https://www.rfc-editor.org/info/rfc7659>. October 2015, <https://www.rfc-editor.org/info/rfc7659>.
[RFC7753] Sun, Q., Boucadair, M., Sivakumar, S., Zhou, C., Tsou, T., [RFC7753] Sun, Q., Boucadair, M., Sivakumar, S., Zhou, C., Tsou, T.,
and S. Perreault, "Port Control Protocol (PCP) Extension and S. Perreault, "Port Control Protocol (PCP) Extension
for Port-Set Allocation", RFC 7753, DOI 10.17487/RFC7753, for Port-Set Allocation", RFC 7753, DOI 10.17487/RFC7753,
February 2016, <https://www.rfc-editor.org/info/rfc7753>. February 2016, <https://www.rfc-editor.org/info/rfc7753>.
skipping to change at page 65, line 21 skipping to change at page 67, line 5
| 4 | 192.0.2.128/26 | 2001:db8:dddd::/64 | | 4 | 192.0.2.128/26 | 2001:db8:dddd::/64 |
| 5 | 192.0.2.192/29 | 2001:db8:eeee:8::/62 | | 5 | 192.0.2.192/29 | 2001:db8:eeee:8::/62 |
| 6 | 192.0.2.224/31 | 64:ff9b::/127 | | 6 | 192.0.2.224/31 | 64:ff9b::/127 |
+---+----------------+----------------------+ +---+----------------+----------------------+
Figure 2: EAM Examples (RFC7757) Figure 2: EAM Examples (RFC7757)
The following XML excerpt illustrates how these EAMs can be The following XML excerpt illustrates how these EAMs can be
configured using the YANG NAT module: configured using the YANG NAT module:
<mapping-table> <eam>
<mapping-entry> <eam-ipv4-prefix>
<index>1</index>
<type>static</type>
<internal-dst-address>
192.0.2.1 192.0.2.1
</internal-dst-address> </eam-ipv4-prefix>
<external-dst-address> <eam-ipv6-prefix>
2001:db8:aaaa:: 2001:db8:aaaa::
</external-dst-address> </eam-ipv6-prefix>
</mapping-entry> </eam>
<mapping-entry> <eam>
<index>2</index> <eam-ipv4-prefix>
<type>static</type>
<internal-dst-address>
192.0.2.2/32 192.0.2.2/32
</internal-dst-address> </eam-ipv4-prefix>
<external-dst-address> <eam-ipv6-prefix>
2001:db8:bbbb::b/128 2001:db8:bbbb::b/128
</external-dst-address> </eam-ipv6-prefix>
</mapping-entry> </eam>
<mapping-entry> <eam>
<index>3</index> <eam-ipv4-prefix>
<type>static</type>
<internal-dst-address>
192.0.2.16/28 192.0.2.16/28
</internal-dst-address> </eam-ipv4-prefix>
<external-dst-address> <eam-ipv6-prefix>
2001:db8:cccc::/124 2001:db8:cccc::/124
</external-dst-address> </eam-ipv6-prefix>
</mapping-entry> </eam>
<mapping-entry> <eam>
<index>4</index> <eam-ipv4-prefix>
<type>static</type>
<internal-dst-address>
192.0.2.128/26 192.0.2.128/26
</internal-dst-address> </eam-ipv4-prefix>
<external-dst-address> <eam-ipv6-prefix>
2001:db8:dddd::/64 2001:db8:dddd::/64
</external-dst-address> </eam-ipv6-prefix>
</mapping-entry> </eam>
<mapping-entry> <eam>
<index>5</index> <eam-ipv4-prefix>
<type>static</type>
<internal-dst-address>
192.0.2.192/29 192.0.2.192/29
</internal-dst-address> </eam-ipv4-prefix>
<external-dst-address> <eam-ipv6-prefix>
2001:db8:eeee:8::/62 2001:db8:eeee:8::/62
</external-dst-address> </eam-ipv6-prefix>
</mapping-entry> </eam>
<mapping-entry> <eam>
<index>6</index> <eam-ipv4-prefix>
<type>static</type>
<internal-dst-address>
192.0.2.224/31 192.0.2.224/31
</internal-dst-address> </eam-ipv4-prefix>
<external-dst-address> <eam-ipv6-prefix>
64:ff9b::/127 64:ff9b::/127
</external-dst-address> </eam-ipv6-prefix>
</mapping-entry> </eam>
</mapping-table>
EAMs may be enabled jointly with statefull NAT64. This example shows EAMs may be enabled jointly with statefull NAT64. This example shows
a NAT64 fucntion that supports static mappings: a NAT64 fucntion that supports static mappings:
<nat-capabilities <nat-capabilities
<nat-flavor> <nat-flavor>
nat64 nat64
</nat44-flavor> </nat44-flavor>
<static-mapping-support> <static-mapping-support>
true true
</static-mapping-support> </static-mapping-support>
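Review bot: the first new <eam> entry gives 192.0.2.1 and 2001:db8:aaaa:: with no prefix length, but eam-ipv4-prefix and eam-ipv6-prefix are typed inet:ipv4-prefix and inet:ipv6-prefix, which require the address/length form. Write 192.0.2.1/32 and 2001:db8:aaaa::/128 so the example validates against the module. The unchanged NAT64 excerpt that follows is not well-formed either: <nat-capabilities lacks its closing ">" and <nat-flavor> is closed by </nat44-flavor>; "statefull" and "fucntion" in the sentence introducing it are misspelled.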
 End of changes. 45 change blocks. 
122 lines changed or deleted 149 lines changed or added
